In order to create a custom role definition in a subscription you own, you can clone an existing role defition and modify it by adding or removing resource provider operations. You can run the following script.

If you get an error stating that "Registering the Resource Providers failed. The client does not have authorization to perform action over scope. Authorizationfailed." for a delegated power user, even though you assign the person Owner role at Resource Group level in your Azure ARM RBAC mode, that means you need to register all resource providers. You can overcome this minor issue, by running the following script.